Wordpress Users Disclosure

Disclosed: 2019-07-01 09:32:11 By abay To nextcloud

High

Vulnerability Details

**Information** Using REST API, we can see all the WordPress users/author with some of their information. **Step to Reproduce** You can get user info by entering below url in your browser: https://nextcloud.com/wp-json/wp/v2/users Reference: [#356047](https://hackerone.com/reports/356047) ## Impact Authors : LTR , LTREditor can be created scenario of doing bruteforce attacks to this users.

Actions

View on HackerOne

Report Stats

Report ID: 625199
State: Closed
Substate: duplicate
Upvotes: 8

Wordpress Users Disclosure

Vulnerability Details

Actions

Report Stats

Share this report